A Wall Street Journal article outlined the accelerated pace of corporate bond downgrades amidst the COVID‑19 pandemic and economic crisis. It has been the swiftest pace of downgrades on record over the last two weeks. Ford was the latest big name to be downgraded to junk, while approximately $90bn of debt was downgraded in March, and some estimate the number to reach $200bn this year.
The debt downgrades not only put pressure on corporate balance sheets, they also put added financial constraints on companies’ abilities to allocate the necessary resources to cybersecurity. Viewing the COVID‑19 disruption through a Cyber-Financial (CyFi) lens, this pressure is particularly acute for companies with poor cyber governance, which is partly reflected in company financials. Cyber governance impacts shareholder value, and companies with poor cyber governance often need to improve the size and quality of their investment in cybersecurity. A credit downgrade only makes the challenge more difficult, particularly amidst a recession.
Companies with strong cyber governance are proving more resilient in the face of the pandemic’s economic shocks, while companies experiencing downgrades and underperforming on cyber governance are faced with difficult resource allocation decisions. Companies that neglected investments in security in exchange for some combination of additional cost savings, more dividend payments, and share buybacks are now coming to terms with a rapidly changing resource allocation paradigm.
Cyber deserves to be prioritized, especially for the poor performers. This is clearly shown by the Cyberhedge Cyber Governance Indices, which show stock price outperformance of companies that are highly rated in cyber governance (5 Star) vs. those that are poorly rated in cyber governance (1 Star). This outperformance has been consistent over time, including during the recent market turmoil.